fix: Remove POSTGRES_PASSWORD variable in compose file #483

Merged
merged 2 commits into from
Jan 20, 2025
8 changes: 3 additions & 5 deletions compose-builder/Makefile
@@ -1,6 +1,6 @@
# /*******************************************************************************
# * Copyright 2023 Intel
# * Copyright 2024 IOTech Ltd
# * Copyright 2024-2025 IOTech Ltd
# *
# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
# * in compliance with the License. You may obtain a copy of the License at
Expand Down Expand Up @@ -802,7 +802,7 @@ ifeq (no-secty, $(filter no-secty,$(ARGS)))
COMPOSE_FILES:=$(COMPOSE_FILES) -f add-mqtt-messagebus.yml -f ${BROKER_YAML}
endif
else
COMPOSE_FILES:=$(COMPOSE_FILES) -f add-security.yml -f add-postgres.yml -f add-secure-postgres.yml
COMPOSE_FILES:=$(COMPOSE_FILES) -f add-security.yml -f add-secure-postgres.yml

ifeq ($(BUS),) # if BUS not set, then we are using secure mqtt messagebus by default
IS_MQTT_BUS:=1
Expand Down Expand Up @@ -845,7 +845,6 @@ ifeq (taf-secty, $(filter taf-secty,$(ARGS)))
-f add-mqtt-messagebus.yml \
-f add-secure-mqtt-messagebus.yml \
-f add-secure-mqtt-broker.yml \
-f add-postgres.yml \
-f add-secure-postgres.yml

asc_http_export_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" ./gen_secure_compose_ext.sh app-http-export \
Expand Down Expand Up @@ -920,7 +919,6 @@ else
-f ${BROKER_YAML} \
-f ${TAF_BROKER_YAML} \
-f add-delayed-start-services.yml \
-f add-postgres.yml \
-f add-secure-postgres.yml

asc_mqtt_export_ext:= $(shell ZERO_TRUST="$(MAKE_ZERO_TRUST)" GEN_EXT_DIR="$(GEN_EXT_DIR)" IS_MQTT_BUS="0" ./gen_secure_compose_ext.sh app-mqtt-export \
Expand Down Expand Up @@ -994,7 +992,7 @@ define COMPOSE_DOWN
-f add-security-proxy.yml \
-f add-delayed-start-services.yml \
-f add-postgres.yml \
-f add-secure-postgres.yml
-f add-secure-postgres.yml \
down $1
endef

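Review bot: `COMPOSE_DOWN` still passes `-f add-postgres.yml` on the line just above the changed one, while the three secure file lists in this section drop it, and nothing in the file says the difference is deliberate. If the intent is that `down` has to cover both secure and non-secure stacks, a comment such as `# add-postgres.yml stays here so that down also covers no-secty stacks` would keep a later cleanup from removing it. The line that gains a trailing backslash, `-f add-secure-postgres.yml \`, appears to be what joins `down $1` to the compose command; that is a separate fix from the password removal and deserves a line in the description. The `define COMPOSE_DOWN` body starts outside the visible hunk.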
17 changes: 15 additions & 2 deletions compose-builder/add-secure-postgres.yml
@@ -1,5 +1,5 @@
# /*******************************************************************************
# * Copyright 2024 IOTech Ltd
# * Copyright 2024-2025 IOTech Ltd
# *
# * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
# * in compliance with the License. You may obtain a copy of the License at
Expand All @@ -19,18 +19,31 @@ volumes:
services:
database:
entrypoint: ["/edgex-init/postgres_wait_install.sh"]
image: postgres:${POSTGRES_VERSION}
ports:
- "127.0.0.1:5432:5432"
container_name: edgex-postgres
hostname: edgex-postgres
read_only: true
restart: always
networks:
- edgex-network
env_file:
- common-security.env
- common-sec-stage-gate.env
environment:
DATABASECONFIG_PATH: /tmp/postgres-init-scripts
DATABASECONFIG_NAME: create-users.sh
POSTGRES_DB: edgex_db
security_opt:
- no-new-privileges:true
tmpfs:
- /run
- /tmp
volumes:
- /etc/localtime:/etc/localtime:ro
- edgex-init:/edgex-init:ro
- postgres-data:/var/lib/postgresql/data
- db-data:/var/lib/postgresql/data
- /tmp/edgex/secrets/security-bootstrapper-postgres:/tmp/edgex/secrets/security-bootstrapper-postgres:ro,z
depends_on:
- security-bootstrapper
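Review bot: The data mount changes from `postgres-data:/var/lib/postgresql/data` to `db-data:/var/lib/postgresql/data` with no note for existing secure deployments, so after an upgrade the database would start on a different volume and the old `edgex_postgres-data` volume stays behind with its contents. If `db-data` is also the volume name used by the non-secure stack (that file is not shown here), a data directory first initialised there would be picked up unchanged by the secure stack, including whatever superuser credential it was created with; whether `postgres_wait_install.sh` resets that credential is not visible in this diff. A comment above the mount such as `# renamed from postgres-data; nothing here migrates data left in edgex_postgres-data` would make the expectation explicit, and the description should say whether the old volume is meant to be removed. The `database` service definition continues outside the hunk.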
17 changes: 8 additions & 9 deletions docker-compose-arm64.yml
Expand Up @@ -489,7 +489,6 @@ services:
DATABASECONFIG_PATH: /tmp/postgres-init-scripts
EDGEX_SECURITY_SECRET_STORE: "true"
POSTGRES_DB: edgex_db
POSTGRES_PASSWORD: postgres
PROXY_SETUP_HOST: edgex-security-proxy-setup
SECRETSTORE_HOST: edgex-secret-store
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper
Expand Down Expand Up @@ -529,15 +528,15 @@ services:
read_only: true
bind:
create_host_path: true
- type: volume
source: postgres-data
target: /var/lib/postgresql/data
volume: {}
- type: volume
source: edgex-init
target: /edgex-init
read_only: true
volume: {}
- type: volume
source: db-data
target: /var/lib/postgresql/data
volume: {}
- type: bind
source: /tmp/edgex/secrets/security-bootstrapper-postgres
target: /tmp/edgex/secrets/security-bootstrapper-postgres
Expand Down Expand Up @@ -889,7 +888,7 @@ services:
deploy:
resources:
limits:
memory: "2108837330944"
memory: "6353502339072"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
Expand All @@ -913,7 +912,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.1
memswap_limit: "2108837330944"
memswap_limit: "6353502339072"
networks:
edgex-network: null
ports:
Expand Down Expand Up @@ -1372,6 +1371,8 @@ networks:
name: edgex_edgex-network
driver: bridge
volumes:
db-data:
name: edgex_db-data
edgex-init:
name: edgex_edgex-init
kuiper-connections:
Expand All @@ -1390,8 +1391,6 @@ volumes:
name: edgex_nginx-templates
nginx-tls:
name: edgex_nginx-tls
postgres-data:
name: edgex_postgres-data
secret-store-config:
name: edgex_secret-store-config
secret-store-file:
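Review bot: The `memory` and `memswap_limit` values of what appears to be the secret-store service change from `"2108837330944"` to `"6353502339072"` in this section, which is unrelated to removing `POSTGRES_PASSWORD` and looks like a value taken from the machine that regenerated the file. Both values are in the terabyte range, so the limit is unlikely to constrain the container on a typical host, and a host-derived number will churn on every regeneration. Regenerating with a fixed, deliberately chosen limit, or at least calling the change out in the description, would keep this diff limited to the password fix. The same change appears in the docker-compose-with-app-sample-arm64.yml, docker-compose-with-app-sample.yml and docker-compose-zero-trust-arm64.yml sections.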
17 changes: 8 additions & 9 deletions docker-compose-with-app-sample-arm64.yml
Expand Up @@ -566,7 +566,6 @@ services:
DATABASECONFIG_PATH: /tmp/postgres-init-scripts
EDGEX_SECURITY_SECRET_STORE: "true"
POSTGRES_DB: edgex_db
POSTGRES_PASSWORD: postgres
PROXY_SETUP_HOST: edgex-security-proxy-setup
SECRETSTORE_HOST: edgex-secret-store
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper
Expand Down Expand Up @@ -606,15 +605,15 @@ services:
read_only: true
bind:
create_host_path: true
- type: volume
source: postgres-data
target: /var/lib/postgresql/data
volume: {}
- type: volume
source: edgex-init
target: /edgex-init
read_only: true
volume: {}
- type: volume
source: db-data
target: /var/lib/postgresql/data
volume: {}
- type: bind
source: /tmp/edgex/secrets/security-bootstrapper-postgres
target: /tmp/edgex/secrets/security-bootstrapper-postgres
Expand Down Expand Up @@ -966,7 +965,7 @@ services:
deploy:
resources:
limits:
memory: "2108837330944"
memory: "6353502339072"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
Expand All @@ -990,7 +989,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.1
memswap_limit: "2108837330944"
memswap_limit: "6353502339072"
networks:
edgex-network: null
ports:
Expand Down Expand Up @@ -1449,6 +1448,8 @@ networks:
name: edgex_edgex-network
driver: bridge
volumes:
db-data:
name: edgex_db-data
edgex-init:
name: edgex_edgex-init
kuiper-connections:
Expand All @@ -1467,8 +1468,6 @@ volumes:
name: edgex_nginx-templates
nginx-tls:
name: edgex_nginx-tls
postgres-data:
name: edgex_postgres-data
secret-store-config:
name: edgex_secret-store-config
secret-store-file:
17 changes: 8 additions & 9 deletions docker-compose-with-app-sample.yml
Expand Up @@ -566,7 +566,6 @@ services:
DATABASECONFIG_PATH: /tmp/postgres-init-scripts
EDGEX_SECURITY_SECRET_STORE: "true"
POSTGRES_DB: edgex_db
POSTGRES_PASSWORD: postgres
PROXY_SETUP_HOST: edgex-security-proxy-setup
SECRETSTORE_HOST: edgex-secret-store
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper
Expand Down Expand Up @@ -606,15 +605,15 @@ services:
read_only: true
bind:
create_host_path: true
- type: volume
source: postgres-data
target: /var/lib/postgresql/data
volume: {}
- type: volume
source: edgex-init
target: /edgex-init
read_only: true
volume: {}
- type: volume
source: db-data
target: /var/lib/postgresql/data
volume: {}
- type: bind
source: /tmp/edgex/secrets/security-bootstrapper-postgres
target: /tmp/edgex/secrets/security-bootstrapper-postgres
Expand Down Expand Up @@ -966,7 +965,7 @@ services:
deploy:
resources:
limits:
memory: "2108837330944"
memory: "6353502339072"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
Expand All @@ -990,7 +989,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.1
memswap_limit: "2108837330944"
memswap_limit: "6353502339072"
networks:
edgex-network: null
ports:
Expand Down Expand Up @@ -1449,6 +1448,8 @@ networks:
name: edgex_edgex-network
driver: bridge
volumes:
db-data:
name: edgex_db-data
edgex-init:
name: edgex_edgex-init
kuiper-connections:
Expand All @@ -1467,8 +1468,6 @@ volumes:
name: edgex_nginx-templates
nginx-tls:
name: edgex_nginx-tls
postgres-data:
name: edgex_postgres-data
secret-store-config:
name: edgex_secret-store-config
secret-store-file:
17 changes: 8 additions & 9 deletions docker-compose-zero-trust-arm64.yml
Expand Up @@ -477,7 +477,6 @@ services:
DATABASECONFIG_PATH: /tmp/postgres-init-scripts
EDGEX_SECURITY_SECRET_STORE: "true"
POSTGRES_DB: edgex_db
POSTGRES_PASSWORD: postgres
PROXY_SETUP_HOST: edgex-security-proxy-setup
SECRETSTORE_HOST: edgex-secret-store
STAGEGATE_BOOTSTRAPPER_HOST: edgex-security-bootstrapper
Expand Down Expand Up @@ -517,15 +516,15 @@ services:
read_only: true
bind:
create_host_path: true
- type: volume
source: postgres-data
target: /var/lib/postgresql/data
volume: {}
- type: volume
source: edgex-init
target: /edgex-init
read_only: true
volume: {}
- type: volume
source: db-data
target: /var/lib/postgresql/data
volume: {}
- type: bind
source: /tmp/edgex/secrets/security-bootstrapper-postgres
target: /tmp/edgex/secrets/security-bootstrapper-postgres
Expand Down Expand Up @@ -809,7 +808,7 @@ services:
deploy:
resources:
limits:
memory: "2108837330944"
memory: "6353502339072"
entrypoint:
- /edgex-init/secretstore_wait_install.sh
environment:
Expand All @@ -833,7 +832,7 @@ services:
STAGEGATE_WAITFOR_TIMEOUT: 60s
hostname: edgex-secret-store
image: openbao/openbao:2.1
memswap_limit: "2108837330944"
memswap_limit: "6353502339072"
networks:
edgex-network: null
ports:
Expand Down Expand Up @@ -1210,6 +1209,8 @@ networks:
name: edgex_edgex-network
driver: bridge
volumes:
db-data:
name: edgex_db-data
edgex-init:
name: edgex_edgex-init
kuiper-connections:
Expand All @@ -1224,8 +1225,6 @@ volumes:
name: edgex_kuiper-plugins
kuiper-sources:
name: edgex_kuiper-sources
postgres-data:
name: edgex_postgres-data
secret-store-config:
name: edgex_secret-store-config
secret-store-file: